General

  • Target

    58b7f2643522eee80d3b8abf095481b0

  • Size

    296KB

  • Sample

    240113-mr5tqshea5

  • MD5

    58b7f2643522eee80d3b8abf095481b0

  • SHA1

    543447ea58849a7f72a1813947445ad3d18103c8

  • SHA256

    2cccd848a5410e29867a21aced45c948a3bdf9d14efcabbfa88bd34f30844157

  • SHA512

    03c766742633654f746306e5b1138fe77d667374e67747e6425203313a68350032c5086c08e39d1c241e94f575cbb47f7dc366c02d1fdcb3b6e560d093f29f44

  • SSDEEP

    6144:Jvv/6G7RY/3B6Bm8pQtT2a6mNLG8t9uBARwoOL:9vC/6PQtT2a6mNvtgBuwoO

Malware Config

Extracted

  • Family

    redline

  • Botnet

    Htrin

  • C2

    94.103.9.168:33783

Targets

    • Target

      58b7f2643522eee80d3b8abf095481b0

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload
